Defeating Windows 8 ROP Mitigation

Windows 8 introduced a number of exploit mitigation features, including one designed to help mitigate exploits that leverage return-oriented programming (ROP).

Return-oriented programming is a technique in which an attacker who controls the call stack chains together existing machine instruction sequences from a program's subroutines, so the attacker can execute chosen code without directly injecting any.

Windows 8 adds a simple check in an attempt to mitigate these exploits: every function associated with manipulating virtual memory verifies that the stack pointer falls within the stack range recorded in the Thread Environment Block (TEB).
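As an added illustration, not code from the original post or from Windows, here is a portable C model of the check described above: a mock of the TEB's stack bounds (the real TEB records them as StackBase and StackLimit) and a virtual-memory routine that refuses callers whose stack pointer lies outside those bounds. The mock_tib_t type, the guarded_vm_call name and all addresses are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the stack fields of the Windows TEB/NT_TIB.
 * StackBase is the high end of the thread's stack, StackLimit the low end. */
typedef struct {
    uintptr_t stack_base;   /* highest stack address (exclusive) */
    uintptr_t stack_limit;  /* lowest committed stack address (inclusive) */
} mock_tib_t;

/* The mitigation's core test: does the stack pointer lie inside the
 * range the TEB records for this thread's stack? */
bool sp_within_teb_range(const mock_tib_t *tib, uintptr_t sp)
{
    return sp >= tib->stack_limit && sp < tib->stack_base;
}

/* Model of a virtual-memory routine guarded by the check. Returns 0 when
 * the call may proceed and -1 when the caller's stack pointer is outside
 * the thread's stack, the condition the mitigation is meant to catch. */
int guarded_vm_call(const mock_tib_t *tib, uintptr_t caller_sp)
{
    if (!sp_within_teb_range(tib, caller_sp)) {
        return -1;  /* reject: stack pointer not within TEB bounds */
    }
    return 0;       /* a real implementation would now change the mapping */
}

/* Constructed scenario: one call from the genuine stack, one from a
 * stack pointer that has been moved into a non-stack region. */
int main(void)
{
    mock_tib_t tib = { .stack_base = 0x00200000, .stack_limit = 0x001f0000 };
    printf("sp in stack:  %d\n", guarded_vm_call(&tib, 0x001f8000));
    printf("sp elsewhere: %d\n", guarded_vm_call(&tib, 0x00500000));
    return 0;
}
```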

Source for an in-depth look at the exploit: http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/